The General Data Protection Regulation (GDPR, officially Regulation 2016/679) was finally adopted and published in the Official Journal of the European Union last week, on May 4, 2016. It took more than 4 years to finalise the GDPR after the European Commission published the first draft on January 25, 2012. The GDPR will come into full force on May 25, 2018, 2 years and 20 days after its publication.
By May 25, 2020, and every four years thereafter, the Commission will have to submit a report to the European Parliament and to the Council on the evaluation and review of the GDPR. Those reports will be made public.
For businesses, although there are 2 years before the GDPR comes into full force, it is strongly advised to start preparing right now, as the GDPR contains a wide range of changes to EU data protection laws. For example, many organisations will have to appoint a data protection officer, report data breaches, undertake privacy impact assessments and more. In addition, sanctions for serious breaches of the GDPR are increased dramatically: fines may reach €20 million or up to 4% of global annual turnover, whichever is the greater.
Here are some resources to help you prepare for the GDPR:
- The British data protection authority, the Information Commissioner’s Office, has published a useful 12-step guide, “Preparing for the General Data Protection Regulation – 12 steps to take now”.
- Another useful report has been prepared by BNA: From Passage to Proposal – EU Data Protection Regulation (free registration may be required for download).
- IAPP’s resource center on EU data protection reform offers a range of useful resources.
Read also the full text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
Along with the GDPR, two more documents related to data protection were published:
- Directive 2016/680, governing data processing in law enforcement; and
- the Passenger Name Record Directive (Directive 2016/681).